CVE-2012-1590
N/A
N/A
Summary
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://drupal.org/drupal-7.14
- http://www.securityfocus.com/bid/53359
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
- http://secunia.com/advisories/49012
- http://drupal.org/node/1557938
- http://drupal.org/node/1302404
- http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5
References
- http://drupal.org/drupal-7.14
- http://www.securityfocus.com/bid/53359
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:074
- http://secunia.com/advisories/49012
- http://drupal.org/node/1557938
- http://drupal.org/node/1302404
- http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.